From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.69])
 by mx.groups.io with SMTP id smtpd.web09.5702.1607036117800028224
 for <devel@edk2.groups.io>;
 Thu, 03 Dec 2020 14:55:18 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=Giy7zi76;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.92.69, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=MIAhB2t8TW4P84VGVCmV9mwfy10yKkQirPkABr6JvapVulxlcy33RvfBksIRq/NiyzuIKHjPZ3nOcvzY2o09HYBuAOxQPfL54I+D1ZFwolQv/kElLMENBlsJOYNC0w0G9dIDWUl7n4xKjmeU8UWmAbYF0egDP5saIPUzAHviBw8MFI+TQeYk4I/Y07JKUhX5xu02Kpch1m56q6n8lqC4r29dK9TDoeZWEGRRnyrBJlEMa7RcBYgvpZOOJ5VpZs3q30MqvY4/hjCRtEJ2QrDGP53zcuugtMN22amAgFVHpM/2Dxo3OV7ECYLuBGzcw9XckURtsdQQVgAeR24+/Ku5Wg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=y+QmrvGcvZ5UKUe18M0g+knFZ7rFJlLZFCmMxp0gCLM=;
 b=M2IjLm5kbpJ5vrhOZqG5bgGYlt19k+far5y4xQ9Zf+Y9qv2bzNYxdd9Ph7HgKinp/Ay3BfRrhg34gj8/3ihrYrYT4A8pCmHo8gFy/fORbvA6h7fyKr1Wa1s3YpOKTSdMvLvKUtoxiBFcntV33ZXxN8lAW7t2vs4/W5oH58vrt6OBgjDgjuQeWgnJ3FwNDSrNKauRebWLe8HjET/34I+C9y5P8Sogx1wbuF2TinLrj81xTdBvdDZctngyZ8eOPTwvNEfysKiFRS0/8TZBy36fbd6toPqMbdXwo6aDxo6l8bLjAs/Gsuh76h4t9PPxXhinmnIRLI94P77hmorqqxjrgw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=y+QmrvGcvZ5UKUe18M0g+knFZ7rFJlLZFCmMxp0gCLM=;
 b=Giy7zi76o3ilRo0JaraqtRpgqbKpk2bE2b7wP06/nXMT6BQ2ltI64AzPRi7AVFVlxK8z+cEQU+hSO5dAg4hb1+CBt7mOCg2d9yB3zASLq+xB5fwacBEVhMd1btnV1V7VKO/x1eLdV0iTXQHNoh2zwXeqR0h8d8GqnT5ahculRFE=
Authentication-Results: arm.com; dkim=none (message not signed)
 header.d=none;arm.com; dmarc=none action=none header.from=amd.com;
Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by
 DM6PR12MB3372.namprd12.prod.outlook.com (2603:10b6:5:11b::11) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3632.21; Thu, 3 Dec 2020 22:55:16 +0000
Received: from DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3632.019; Thu, 3 Dec 2020
 22:55:16 +0000
Subject: Re: [PATCH v2 3/3] OvmfPkg/PlatformPei: Mark SEC GHCB page in the page encryption bitmap.
To: Ashish Kalra <Ashish.Kalra@amd.com>, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com,
 Jon.Grimm@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com,
 dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com,
 ard.biesheuvel@arm.com
References: <cover.1607032888.git.ashish.kalra@amd.com>
 <c8aee5c87f56b728a8f8bc1c28c3092df773d039.1607032888.git.ashish.kalra@amd.com>
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
Message-ID: <7c114656-16cf-3c08-937e-cd21003cc1a7@amd.com>
Date: Thu, 3 Dec 2020 16:55:13 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
In-Reply-To: <c8aee5c87f56b728a8f8bc1c28c3092df773d039.1607032888.git.ashish.kalra@amd.com>
X-Originating-IP: [67.79.209.213]
X-ClientProxiedBy: SN4PR0501CA0038.namprd05.prod.outlook.com
 (2603:10b6:803:41::15) To DM5PR12MB1355.namprd12.prod.outlook.com
 (2603:10b6:3:6e::7)
Return-Path: thomas.lendacky@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from office-linux.texastahm.com (67.79.209.213) by SN4PR0501CA0038.namprd05.prod.outlook.com (2603:10b6:803:41::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.5 via Frontend Transport; Thu, 3 Dec 2020 22:55:14 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: ecdb569c-5b9f-4c2f-72cc-08d897de7fec
X-MS-TrafficTypeDiagnostic: DM6PR12MB3372:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM6PR12MB3372F52CC3D57A82879F6C67ECF20@DM6PR12MB3372.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	b86wp2O6zXKz+ioH8uRQ1rOcfm06Hfo5eUWOu3Y6y8Uh5dAr3dKHoRrq8UPY4laYg3ocnG7OWwXj1QzEWpt23i9CLyIL0x/LgzJ7X3S5msyB6JzExpzuGN+S9p/jBNlNBL0rW39ZJ+8W1urMw8okidS/9MTkZxjEfXreMm6Fnby1GQ44mrrCCCYb58JzlcuXIyxksS4FDW69FTU046A9EJaXpMBTPUgxzZxfJOdkRV9eRzrkrqNzTz67X+EeiRjr79uwm65X/E85PpblIODGIm7mlu8NEpSEv5RTFfazGQYZnoQoWHYU7mMpY0V4cbNC51X+ORy5lpjYvh53oQSn4dy8gX/mLK2EJIQ7e28nYp1pmn2ndrQr5qEtakpt4DtOgShHEXd9ae3OmPAp0MMe+sgcmTW4ZZSl3ICtT3z4NkU=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(396003)(376002)(136003)(39860400002)(346002)(8936002)(5660300002)(6486002)(956004)(16526019)(186003)(2906002)(6512007)(26005)(2616005)(31696002)(478600001)(86362001)(53546011)(6506007)(4326008)(31686004)(36756003)(316002)(19627235002)(66476007)(66946007)(66556008)(8676002)(52116002)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
	=?utf-8?B?QTlUNW9Od0puVkNpbTB5ckI4MXVkbGQrQ2tWajlMR0I5L2dWOVBiM08wZlpS?=
 =?utf-8?B?a3kzeWVMUXNLWVRHSkVGWUs4RUVJcGgzcEhaZjhPbjIxQkxnSkJrNUgyb0g3?=
 =?utf-8?B?cUNHQmNFMmlVajhkN0dtNjlqLzJYWFNUNW9BTy9RN3hCVG9WeDBhOUg1YWRl?=
 =?utf-8?B?ay9KQ2RDcXRCSUc0dFZ5OW94SkM4S09lR1NDbUtCTS92TXJ4VytrVlVoWHEr?=
 =?utf-8?B?a3lmOE9IeEl0N2p5MUhIcEF4WlZQNExwVUxPbDBucUtOYkZaNE1ydGEzTEx2?=
 =?utf-8?B?RSswdTlDVGxhSWdVNmxRaXhYZ3lEazQxZW8zY3NOdkFrRmdLRzAwYVB6eE9H?=
 =?utf-8?B?Qnk1cGRObm00enNmMHN0Q1dLdTFoVElXVlBjVHpLUzN3Vnlma2dHcjZZck14?=
 =?utf-8?B?UVBpbWxla21aMU9ER1YzeFVSb0hOTkNrdVEyeWd6Z3kwODlwNE1UVXgvVnFy?=
 =?utf-8?B?T2FKYS8xbitGSGttQWw1QmZhQ3VKUHR3MGF0TmNnSFlnbkxqdGdma0pQOTl6?=
 =?utf-8?B?ZWN5bmJLTjZEc1ZPcnZmRTZxUE5wSm1XWUtPYXJ2SmNiTVNhSDZTWTFYNWgw?=
 =?utf-8?B?RHdyQWs2Nm85RzVnc3R6cFM4NEN2RzQvaTJPOS8weFFBNDlzMHV0cE1WUjdu?=
 =?utf-8?B?MmZZb1pJZnhFZlhKR3p6aFRnbzVpTDFSTk1wSSsrODlXQ09na0ZCdk9uVWFH?=
 =?utf-8?B?ODluRWxLWEoyS21rcVd1bGdhWGt4WnJncFVFK3VZL085RGdsUjZwVUdYSlpx?=
 =?utf-8?B?STdrZ0hJb2xXK3owZ05NTEpvUjFEZ2JiTVVkQmthbk5IZjhhWTlERm5VVlpq?=
 =?utf-8?B?VEJ4dkN2eGNLWEgvRWZwb2ZFWmhqMk12Ny9rNlFpazZwR2tUc1hmdTJzbk05?=
 =?utf-8?B?UFpQSmtkeitnOFhWWUpJMjBSbWJaWUZSb1c3d3ZUSUZ6UFpIS2lOTjhBTVJq?=
 =?utf-8?B?MW5yYnhxaEpETGFJRkhKZWdyRTlzeE9FenY2bnRiOHF6VUhudVRzK0cxbEhM?=
 =?utf-8?B?YUxZdVJmU20yUjBUNm1oS1pxdUhORXZERmNiREVZbzV4Q1NQaURrN1U3VUdG?=
 =?utf-8?B?S256SS9jTk10bDVDekJCaGlRVWhzdjJPRGxRUHpUemdhU2kvVEgwMXViZUMw?=
 =?utf-8?B?cTFwc2pKejluWWJWc3JMd2lzTzZ4dDkvYUVvY0h1OXVMTUpSZnc0clVsMXk3?=
 =?utf-8?B?N1V2dkVndkR1b3MrcmtJN1ZPaGZzWkJxK0wwK3Fqa0l5MnZ5aGhCcUQwWVBG?=
 =?utf-8?B?cnZqTlJMY2NkMk8rMzFzbXFvNnR1RWtENEkzaTJzNmZyVkVlOTI2d3JBNGxo?=
 =?utf-8?Q?hpCiXNsufNvpoCkN2JG9fV+/xTS+21wsZb?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ecdb569c-5b9f-4c2f-72cc-08d897de7fec
X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Dec 2020 22:55:15.9250
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: jrJoBaHdAO6Hurd0Crl3/CTokxYVp2b8ETF+HoQPLc+UvgYZdUbP3//o8xkYkAKQR3mgkvxSIdX3mS4avprstw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3372
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 12/3/20 4:27 PM, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@amd.com>
> 
> Mark the SEC GHCB page that is mapped as unencrypted in
> ResetVector code in the hypervisor page encryption bitmap.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> 
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> ---
>   OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
>   1 file changed, 10 insertions(+)
> 
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index 4a515a4847..456d32be84 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -15,6 +15,7 @@
>   #include <Library/HobLib.h>
>   #include <Library/MemEncryptSevLib.h>
>   #include <Library/MemoryAllocationLib.h>
> +#include <Library/MemEncryptHypercallLib.h>
>   #include <Library/PcdLib.h>
>   #include <PiPei.h>
>   #include <Register/Amd/Cpuid.h>
> @@ -77,6 +78,15 @@ AmdSevEsInitialize (
>   
>     ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount));
>   
> +  //
> +  // GHCB_BASE setup during reset-vector needs to be marked as
> +  // decrypted in the hypervisor page encryption bitmap.
> +  //
> +  SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
> +    EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
> +    FALSE
> +    );
> +

This seems like an odd place to add this. Why not near the top of the 
function just after setting the PcdSevEsIsEnabled PCD, rather than in the 
middle of setting up the new GHCB pages.

Thanks,
Tom

>     PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa);
>     ASSERT_RETURN_ERROR (PcdStatus);
>     PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount));
>